Microsoft is releasing an open-source tool to help application developers examine the causes behind program crashes.
Microsoft plans to unveil the tool, called the !exploitable Crash Analyzer, on CodePlex March 20 at the CanSecWest conference in Vancouver, British Columbia. A Windows debugger extension, the heuristics-based tool is aimed not only at helping developers assess what is causing crashes, but also at ranking the seriousness of a bug.
The program works by examining crash data (information gathered when an application stops performing its expected function) to identify the unique issues that caused the crash. From there, the program provides guidance on how exploitable the crash is, and can be used by third-party developers to then prioritize the problem.
“As a tool, it can save developers time and effort,” said Roger Kay, president of tech industry analyst group Endpoint Technologies Associates. “A number of apparently different crashes can actually be caused by the same code. The analyzer isolates the offending block and essentially says, ‘Here, all these different crashes are actually the same failure, and it’s an important one that you ought to fix right away because it presents an open attack surface.’”
The tool will be available starting March 20 as a free download on the Microsoft Security Engineering Center Website.